<?php if(!session_id()) { session_start(); }
if(!isset($ver)) { include('../functions.php'); }
if ($_SESSION["pass"] != check($_SESSION["user"])) {
log_write('user', 'Possible hack attempt detected', 'Incorrect password specified for user');
die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
exit;
} elseif(!isset($_SESSION["pass"])) {
log_write('user', 'Possible hack attempt detected', 'No password specified for user: '.$_SESSION["user"]);
die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
exit;
} if($_SESSION["power"] != 'Administrator') {
log_write('admin', $_SESSION["user"].' has attempted to access the Admin area', 'Security Breach');
header("Location: /");
exit;
}
if(isset($_GET['name'])) { $file = file_get_contents(USERS_PATH.$_GET['name'].".opuf");
preg_match('/Home="(.*)"/', $file, $hmDr);
preg_match('/Power="(.*)"/', $file, $pwr);
preg_match('/trashdir="(.*)"/', $file, $td);
preg_match('/trashfile="(.*)"/', $file, $tf);
$trash_dir = $td[1];
$hme = $hmDr[1];
$pwr = $pwr[1];
$trash_file = $tf[1]; 
if($pwr == 'User') {
$pwr = "<input type='radio' name='power' checked='checked' value='user' />&nbsp;User&nbsp;<input type='radio' name='power' value='admin' />&nbsp;Admin"; } else {
$pwr = "<input type='radio' name='power' value='user' />&nbsp;User&nbsp;<input type='radio' name='power' checked='checked' value='admin' />&nbsp;Admin"; }
 function adduser($passErr) {
	global $home, $trash_dir, $hme, $power, $trash_file, $pwr;
echo <<<AOE
<style type="text/css">
.smalltext
{
    FONT-SIZE: 11px;
    COLOR: #333333;
    FONT-FAMILY: Verdana, Arial, Helvetica;
}
</style>
<form name="editUser" action="" method="post">
<input type="hidden" name="user" value="{$_GET['name']}" />
<input type="hidden" name="userpath" value="" />
								<fieldset>
        		 	                <legend>{$_GET['name']}</legend>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0'>
            		 	                <tr>
            		 	                    <td width='30%' class='title'>Home Directory:</td>
            		 	                    <td width='70%' class='content'><input type='text' class='sql_form' name='home_dir' value='{$hme}' /></td>
            		 	                </tr>

        		 	                	<tr>
            		 	                    <td width='30%' class='title'>Trash Directory:</td>
            		 	                    <td width='70%' class='content'><input type='text' class='sql_form' name='trash_dir' value='{$trash_dir}' /></td>
            		 	                </tr>
            		 	                <tr>
            		 	                    <td width='30%' class='title'>Trash File Location:</td>
            		 	                    <td width='70%' class='content'><input type='text' class='sql_form' name='trash_file' value='{$trash_file}' /></td>
            		 	                </tr>
            		 	            </table>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0' width="1113" height="98">
										<tr>
            		 	                    <td class='title'>New Password: (for password changes only)</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='password' /></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Confirm New Password:  (for password changes only)</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='confirm_password' /></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
										<tr>
										  <td class='title'>Power:</td>
										  <td class='content' colspan="2">
										  {$pwr}</td>
										  <td height="24">&nbsp;</td>
									  </tr>
            		 	            </table>
							<input type="button" class="nButton" name="editUsr" onclick="javascript:addusr('admin/edituser.php','POST');" value="Edit User" />
            		 	        </fieldset></form>
AOE;
} } // End adduser function
if(isset($_POST['user'])) { 
/*****[BEGIN]******************************************
 [ Base:     oPanel add user function          v1.0.0 ]
 ******************************************************/
if($_POST['password'] != '' && ($_POST['password'] != $_POST['confirm_password'])) { $error = '<center><font color="red">The passwords you typed do no match.</font></center>'; }
if($_POST['home_dir'] == '' || $_POST['trash_dir'] == '' || $_POST['trash_file'] == '' || $_POST['power'] == 'undefined') { $error = '<center><font color="red">A require feild is missing.</font></center>'; }
if ($_POST['power'] == 'admin') { $pw = 'Administrator'; } else { $pw = 'User'; }
$file = file_get_contents(USERS_PATH.$_POST['user'].".opuf");
preg_match('/IP="(.*)"/', $file, $IP);
preg_match('/LastLogin="(.*)"/', $file, $LLogin);
preg_match('/Password="(.*)"/', $file, $td);
$Tehpass = $td[1];
$LLogin=$LLogin[1];
$IP = $IP[1];
if($_POST['password'] != '') { $Tehpass = crypt(md5($_POST['password']), md5($_POST['user'])); }
$userfile=' - User Password And Access Info -
Password="'.$Tehpass.'"
Power="'.$pw.'"
 - User Settings -
Home="'.$_POST['home_dir'].'"
trashdir="'.$_POST['trash_dir'].'"
trashfile="'.$_POST['trash_file'].'"
 - Login Information -
LoginAttempts="1"
LastLogin="'.$LLogin.'"
IP="'.$IP.'"
----------------
oPanel User File';
$nUF = USERS_PATH.$_POST['user'].'.opuf';
if(isset($error) && $error != '') { echo '<fieldset><legend>Error</legend>'.$error.' <a href="javascript:showContent(\'editusr&name='.$_POST['user'].'\')">Click here to try again</a></fieldset>'; exit; }
if($fp = @fopen("$nUF","w+")) {
$content = stripslashes($userfile);
fwrite($fp, $content);
fclose($fp); } else { echo '<fieldset><legend>Error</legend><center><font color="red">The user folder is not writable.</font></center><a href="javascript:showContent(\'editusr&name='.$_POST['user'].'\')">Click here to try again</a></fieldset>'; exit; }
if($_POST['password'] != '') {
$pwbit = '<tr>
    <td class=\'title\'>Password:</td>
    <td>'.$_POST[password].'</td>
  </tr>'; } else { $pwbit = ''; }
echo <<<EOA
<fieldset><legend>New User</legend>
The user {$_POST['user']} has been edited and now has the following details:<br />
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class='title' width="30%">User Name:</td>
    <td width="86%">{$_POST['user']}</td>
  </tr>
$pwbit
  <tr>
    <td class='title'>Power:</td>
    <td>{$pw}</td>
  </tr>
  <tr>
    <td class='title'>Home Directory:</td>
    <td>{$_POST['home_dir']}</td>
  </tr>
  <tr>
    <td class='title'>Trash Directory:</td>
    <td>{$_POST['trash_dir']}</td>
  </tr>
  <tr>
    <td class='title'>Trash File Location:</td>
    <td>{$_POST['trash_file']}</td>
  </tr>
</table>
Note: When the user logs in for the first time they will be required to change their password.</fieldset>
EOA;
/*****[END]********************************************
 [ Base:     oPanel add user function          v1.0.0 ]
 ************************/}/***************************/
  else {
	echo adduser('');
 }
?>